That is the most down to earth explanation of cross domain policies that I have ever read.
Thanks Sunil! On Fri, Feb 13, 2009 at 1:38 PM, sunild999999 <sunilbd...@gmail.com> wrote: > If your SWF is hosted on server A, and it needs to access data from > servers B, C, and D > then you need to put a cross domain policy file on servers B, C, and D that > permit access > from server A. > > Note, these servers (A,B,C,D) are different servers ... the names are not > aliases. It kind of > sounded like one of your host names is an alias for the other. > > The cross domain policy file you deploy on each web server should allow > access from > server A, since that is where your SWF is hosted: > > <allow-access-from domain="serverA.domain.com" /> > > Also, newer versions of the Flash player will complain if your cross domain > policy file does > not have a "site-control" tag. Here's a simple one I use: > > > <site-control permitted-cross-domain-policies="master-only"/> > > Which means there's only one policy file for my site. > > Adobe has some good resources on their site: > http://www.adobe.com/devnet/security/ > > Check out the articles titled "Cross-domain policy file specification" and > "Understanding > security changes in Flash Player 10". > > Regards, > Sunil > > > -- Cheers, Nate ---------------------------------------- http://blog.natebeck.net